Third party risk management outlook

A global survey of 1,100 senior TPRM executives reveals how businesses are assessing and managing third parties.

Organizations are increasingly reliant on third-party suppliers to deliver business-critical products and services to their clients and customers. They are also finding that failures by third-parties can rapidly tarnish their reputations and have significant downstream operational and cost implications. 

To understand how businesses are assessing and managing third parties in 2020, KPMG International conducted a survey of 1,100 senior third party risk managment (TPRM) executives from major businesses across 14 countries/jurisdictions and 6 industries. 

Key findings



More than three in four respondents (77%) say TPRM is a strategic priority for their business.



Three quarters of respondents (74%) admit that they urgently need to make TPRM more consistent across the enterprise. 



Half of businesses (50%) do not have sufficient capabilities in-house to manage all the third-party risks they face. 



Only a quarter (25%) of businesses are using technologies to improve either the workflow automation or monitoring of third parties. 



Technology is the most favored investment (61%) that respondents will make when new funding is made available.



Three in four (76%) of respondents overall indicate that funding is available or growing to evolve and strengthen their TPRM programs.

Read the survey report

How should a business transform its TPRM program?

As organizations address their concerns around these issues, it is evident that they need a clear strategy for the selection, approval and management of third-parties. With a myriad of stakeholders involved, from the business as well as the procurement and risk oversight functions, developing and implementing this strategy continues to be highly challenging. Many will reassess the risk profile of their third-parties and re-evaluate their own resilience in the wake of the disruption caused by global events and economic uncertainty. As businesses do so, the need for a robust and sustainable TPRM program will be more important that ever before.

Four key steps that businesses should take to ensure it is optimized across the four pillars of governance, process, infrastructure and data

Contact us

Greg Matthews

Greg Matthews

Partner, KPMG US

+1 212-954-7784
Marc Miller

Marc Miller

Partner, Risk & Compliance Leader, KPMG US

+1 212-872-6916
Daniel W. Click

Daniel W. Click

Managing Director, Forensic, KPMG U.S.

+1 313-230-3240